Robert Moskowitz wrote:
I have never liked the SSLvpn architecture. Never really liked the SSL handshake; just too chatty. I wear my biases quite plainly on my arm sleeve (I chaired the IPsec workgroup during the time the RFCs came out). You want security, go with IPsec. Even ESP NULL gives you per-packet authentication and thus proof of server and client. Just pay the price for IKE, which I never liked. Part of the reason I invented HIP....
But SSL VPNs work through just about any firewall/proxy/NAT that already permits HTTPS. Traversing those can be painful or impossible for IPsec.